US9075970B2 · Active · Utility · PatentIndex 52

Systems and methods for secure handling of secure attention sequences

Assignee: CITRIX SYSTEMS INC
Priority: Feb 15, 2008
Filed: Aug 29, 2013
Granted: Jul 7, 2015
Est. expiry: Feb 15, 2028 (~1.6 yrs left) · nominal 20-yr term from priority
Inventors: INNES ANDREW
Classifications: G06F 2221/2115, H04L 63/08, H04L 63/0884, G06F 21/31, H04L 67/08, G06F 21/305, H04L 63/10, G06F 9/452, H04L 63/0815, H04L 63/0807
PatentIndex Score: 52 · Cited by: 0 · References: 25 · Claims: 17

Abstract

A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method for providing, by a trusted component, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine, the method comprising:
   executing, by a trusted computing base within an operating system executing on a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user;
   receiving, by the executed user interaction component, a request directed to the operating system for access to a local secure desktop function that is one of:
      a request to lock the desktop appliance;
      a request to logoff from the desktop appliance;
      a request to shut down the desktop appliance;
      a request to change a password on the desktop appliance; and
      a request to launch a Task Manager application on the desktop appliance;
   transmitting, by the desktop appliance, to a broker service, the received request; and
   providing, by a remote machine, to the desktop appliance, access to a remote secure desktop function in satisfaction of the request for access to the local secure desktop function.
 
     
     
2. The method of claim 1, wherein transmitting, by the desktop appliance to a broker service, the received request comprises transmitting, by the desktop appliance, to the remote machine, the received request.

3. The method of claim 1 further comprising identifying, by the broker service, the remote machine.

4. The method of claim 1 further comprising preventing, by the user interaction component, execution, by the operating system, of a resource providing secure desktop functionality.

5. The method of claim 1 further comprising:
   determining whether to transmit, by the desktop appliance, to a remote broker service, the received request; and
   providing, by the desktop appliance, access to the local secure desktop functionality.

6. The method of claim 1, wherein the secure attention sequence is one of: a first key combination of a control key, an alt key, and a delete key; a second key combination including a menu key; or a third key combination including an operating system specific meta key.

7. The method of claim 5 further comprising transmitting, by the desktop appliance, to the remote machine, an identification of a modification made by the local secure desktop functionality.
     
     
8. A system for providing, by a trusted component, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine comprising:
   a user interaction component executed by a trusted computing base within an operating system executing on a desktop appliance, receiving a user request directed to the operating system, for access to a local secure desktop function that is one of:
      a request to lock the desktop appliance;
      a request to logoff from the desktop appliance;
      a request to shut down the desktop appliance;
      a request to change a password on the desktop appliance; and
      a request to launch a Task Manager application on the desktop appliance;
   a broker service receiving the request from the desktop appliance, identifying a remote machine and transmitting the received request to the remote machine; and
   a remote machine receiving the request and providing, to the desktop appliance, access to a remote secure desktop function in satisfaction of the request for access to the local secure desktop function.
 
     
     
9. The system of claim 8 further comprising a broker interaction component executing on the desktop appliance and transmitting the request to the broker service.

10. The system of claim 8 further comprising a desktop connection component executing on the desktop appliance and transmitting the received request to the remote machine.
     
     
11. A system for providing, by a trusted component, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine comprising:
   means for executing, by a trusted computing base within an operating system executing on a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user;
   means for receiving, by the executed user interaction component, a request directed to the operating system for access to a local secure desktop function that is one of:
      a request to lock the desktop appliance;
      a request to logoff from the desktop appliance;
      a request to shut down the desktop appliance;
      a request to change a password on the desktop appliance; and
      a request to launch a Task Manager application on the desktop appliance;
   means for transmitting, by the desktop appliance, to a broker service, the received request; and
   means for providing, by a remote machine, to the desktop appliance, access to a remote secure desktop function in satisfaction of the request for access to the local secure desktop function.
 
     
     
12. The system of claim 11, wherein means for transmitting, by the desktop appliance to a broker service, the received request comprises means for transmitting, by the desktop appliance, to the remote machine, the received request.

13. The system of claim 11 further comprising means for identifying, by the broker service, the remote machine.

14. The system of claim 11 further comprising means for preventing, by the user interaction component, execution, by the operating system, of a resource providing secure desktop functionality.

15. The system of claim 11 further comprising:
   means for determining whether to transmit, by the desktop appliance, to a remote broker service, the received request; and
   means for providing, by the desktop appliance, access to the local secure desktop functionality.

16. The system of claim 11, wherein the secure attention sequence is one of: a first key combination of a control key, an alt key, and a delete key; a second key combination including a menu key; or a third key combination including an operating system specific meta key.

17. The system of claim 15 further comprising means for transmitting, by the desktop appliance, to the remote machine, an identification of a modification made by the local secure desktop functionality.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.